From: mikael v. <li...@of...> - 2003-09-29 19:58:24

Hello maillist,

Have just found and downloaded the newest beta, just to give devil-linux a try.

I have a few questions and one suggestion.
My setup is an old P200 with 64 MB ram and 3 nics - have a webserver on the dmz.

1 question: Where is the IPtables (firewall) script located, who controls the rules?
- have chosen the DMZ and am no longer able to contact my webserver.
will need to enter a PREROUTING/Postrouting command in order to get this fixed.

2 question: Did a scanning after the install (http://grc.com) Shields-up - Steve Gibson website and did a scanning test - every port is Stealth (as it should be) except for port 113, this port is blocked. Why is this port not Stealth as well?

By the way: When loading there is a warning displayed - that the iptables have a weird argument -j. I would think this should be -y to be corrected?

Thank you for putting a product like devil-linux online.

/Mikael

From: Bruce S. <bw...@ar...> - 2003-09-29 20:12:17

> Have just found and downloaded the newest beta, just to give devil-linux a
> try.

Cool!

> I have a few questions and one suggestion.
> My setup is an old P200 with 64 MB ram and 3 nics - have a webserver on the
> dmz.
>
> 1 question: Where is the IPtables (firewall) script located,

The script that is run upon boot is:

/etc/init.d/firewall.rules

If you run the "setup" program, and tell it to create a 2 or 3 network card firewall, it copies the firewall.rules.2nic or firewall.rules.3nic file (same dir) over top of firewall.rules (losing any custom changes).

> who controls the rules ?

You do, edit freely! :-)

> -have chosen the DMZ and am no longer able to contact my webserver.
> will need to enter a PREROUTING/Postrouting command in order to get this
> fixed.

Yes, there are examples in the default script.

> 2 question: Did a scanning after the install (http://grc.com) Shields-up -
> Steve Gibson website and did a scanning test - every port is Stealth (as it
> should be) except for port
> 113 , this port is blocked . Why is this port not Stealth as well ?

Port 113 is "ident". For email servers it's best to reject that port instead of dropping traffic, which eliminates long delays in email traffic. You could easily modify the firewall.rules script to also drop that port if you want.

> By the way :When loading there is a warning displayed -that the iptables have
> a weird argument -j . I would think this should be -y to be corrected ?.

There should be no warnings. Can you post the exact warning text? Also which script are you using, and what changes have you made? "-j" means "jump", and most rules have it, and should have it.

> Thank you for putting a product like devil-linux online.

You're welcome! :-)

- BS
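
The difference between rejecting and dropping port 113 described in the reply above, as an added example that is not part of the original thread: a small Python probe, meant for checking your own firewall, that reports how a TCP port answers and how long the caller had to wait. The function names and the loopback sample are constructed for illustration.

```python
import socket
import time


def probe(host, port, timeout=3.0):
    """Classify one TCP port as a connecting client (e.g. a mail server
    doing an ident lookup) experiences it. Returns (state, seconds waited):
      'open'     - the connection was accepted
      'closed'   - refused at once, which is how a rejected port answers
      'filtered' - no answer at all (dropped), so the caller waits out the
                   full timeout; scanners report this as "stealth"
    """
    start = time.monotonic()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "filtered"
    finally:
        s.close()
    return state, time.monotonic() - start


def loopback_demo(timeout=1.0):
    """Constructed sample: one listening and one non-listening loopback port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    # Bound but never put into listen(): the kernel refuses connections to it.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    try:
        return {
            "listening": probe("127.0.0.1", listener.getsockname()[1], timeout),
            "refused": probe("127.0.0.1", spare.getsockname()[1], timeout),
        }
    finally:
        spare.close()
        listener.close()


if __name__ == "__main__":
    for name, (state, waited) in loopback_demo().items():
        print(f"{name:10s} {state:8s} {waited:.3f}s")
```

Run from a host outside the firewall, `probe(<your external address>, 113)` returning `closed` almost instantly matches the reject behaviour; `filtered` after the full timeout is what a drop rule would give, and that wait is the delay a remote mail server would see.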